Summary
This host is running the ElectraSoft 32bit FTP client, which is prone to a buffer overflow vulnerability.
Impact
Successful exploitation will let an attacker execute arbitrary code within the context of the application when it connects to a malicious FTP server, or cause the application to crash.
Solution
Upgrade to 32bit FTP version 09.05.01
http://www.electrasoft.com/32ftp.htm
Insight
A boundary error occurs while processing:
- a response received from an FTP server with an overly long banner.
- an overly long 257 reply to a CWD command.
- an overly long 227 reply to a PASV command.
Affected
ElectraSoft 32bit FTP 09.04.24 and prior on Windows
References
Severity
Classification
- CVE: CVE-2009-1592, CVE-2009-1611, CVE-2009-1675
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
- Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
- Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
- Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)